[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
From: Paul <pa011@xxxxxx>
Date: Sun, 13 May 2018 15:34:06 +0200
Autocrypt: addr=pa011@xxxxxx; prefer-encrypt=mutual; keydata= xsFNBFahW+cBEADGuGCvs5NjPecDFv8LtXSFcXlAVV08ZVQogVLzmGv1wttAeCvDGAaEHn+W i9rQVZqlOJV77e4QNBbiWwh5jGqNd3Hmd3/HH2ypvzne8wuQJXWReHFEGQ8TrlaDdU5WGkVf SykxTi7Z7nsQfreso0bHPjdtwhsZZnVKbRZrAgPAjREoNiBGGKc2c6geYiBiQEDFgipAc75T kkrTZE+twKsJfGRv5y17+FfVY379AsuiwUR6GjLgTqlcoa2Hx7emFB7SE8wKHo5Io84BXnnU A7xIs1N/Ih0aeOEN2T7z33ZRlwGnm8WwBFEVhW5LN9nZRSSNunjA9BxhKyUTf6vPRXN4uK0o NqxjguQFPoU4Uj/FD5I71rYWqiwvD065XJB0TX2ArqvTabBo5RWjiSLs3L4gzXjr2zLG5WWD NaDmifm3JF8p0b0HGdMMHxOr2t/FcR5XAQLREZN/vHHV9+s/qRcwM0F2Sp4868nXPR4WcLNJ /u3r4wttiF5Zq9kQ4br88makIGj77opW36kbP0uR19B2/pdqURKhdWJJK/2GImSE1cpHsXqB Bb5PNnUu9h3QxVJv61B3eXihzs+a5u/5SyHE43V0eFFBd1peXMu02FB1Fn5OzxisUGf93FMF rqOzYvEE7YKXaQMp9bMTpBkMqlYWuyuqPSmv/84VTPhhB7YhLwARAQABzRRwYTAxMSA8cGEw MTFAd2ViLmRlPsLBfwQTAQIAKQUCVqFb5wIbIwUJCWYBgAcLCQgHAwIBBhUIAgkKCwQWAgMB Ah4BAheAAAoJEMLM1gfIwzDnVvsP/j2SInCcE4//IEADMrgiUWVVzlFMGgQRVBfNCPao+DE2 BJz3ZBAgOPevvlDX6xpXfaIXQdD56WNByor0Dm83EY0s/fC+79kSUsK1ur3QtRhSkKxvfqsg WJ//Yx3dmnIbBUC4oFM2XsF3qTSP2Bnb2f3YhdP240OaWd02qclNnh+CAfJ8BCqxadWQlxri akXmcYckvHlHI1UIVxUnrXuobY+cUEYS3ZWcn15XzOwcu+7q3VZ9aiZIxxk23ViUzfquikkX mZXlbUDjeoVYvQxCrBzlSbeebvQxKTXP1Fb4Ph5voN23mZkdQGYgei/W4ORCBj5B/ltPMiiA hbRS1Tp4vmC6K/Pn9zQHZqJI+F69p3wZTXuAYYNJ94zsGOlHkJn7APhQMoMM9PUomK4K3FML JDP3sNWXlibFj4qu2MRj9QFlUGIfe9HVeio341subxdn5tB4a1KVjLYeicy+uf7bHLAbT8cG /FytlMbCyI707RAPik16Sm0VuojRwXqfjl+JtrlHJHOV16y3d9ZiDK5IJuunk4y4h6q7mAmt oDRRdyeAx/UDJdaitjy9VUvVu6eg4+2vi/rNLulCcZCThFYPOUT/d6ST8d3cPc+5ECxs3+Vi 3AMnTSMhkhUo1IReZElIH8EMLs1Y/8LAeBbMlywV0DPezEaU09rSPuda8VKTzQfKzsFNBFah W+cBEADNr9nNEvtmTUfv44GADRpxUU3wInAlpj2rqdRcKvcZr/w2AP8RRPk/7zYm+6vsBbql MPH2JqacSWNHN3enG2CSRfB2kWQivHbM9Wpl3cf2pfvNgUm3YMcJvzZ9vSA4D+FstZlSdOiE GLIfcTToZPzVFB50K3wNM502SxYsP93B3FKeQA9TI9Q5Lk63bJyTKbEK8e9W3Sux7cVPA5eR nLGhOS1dZV1JGnzE0NuoultbMHKtQhjLPolEkms3T1/yq/xf+qk9JOpUtF18gc4X7rYqOvVY yaxRp0hdzRIGLDkOupgQ3wh23jLGZ4DqOWvCGXVNBrCNe//2q8lbDjav95MXsjeKNYga9M7A fX6h/TH0aE7jjVMRErbbG1NfC7HcQUXnfB7X4RKmRl5Wrvm8orExAsiXKnhsrUkCzRoxYdvh Wno9HiRj2xyryQVDeEoWqMwbZ6HHvPn61LdV46F92ZBo6zhIAdarxEHKQ15y4CsBB0lcY2SO tdo7c875wbY7MFgPLL9ucOS4FHg8ck2pR3u2ECblo39h53Lx7d6opNN9ghmlk/sBjrKx2MxI Xw6EUNdUEKXr+FqIHUXwTrK/3jLMeDa8BChSFo7RIFLxlEPLC/xcwh9dBlmz6C4k9TLryjbl IMcJ+UPdW3xbrkp0xGEhkRoiCqs1+Gc1Iq5+QJ4LtwARAQABwsFlBBgBAgAPBQJWoVvnAhsM BQkJZgGAAAoJEMLM1gfIwzDnrQQP/iXLpaidsoTFDypdfbiHbsSD0LpgV1GipNRU4dNIXa10 iLIvQS6X1w4bTs8seArloI+ZwqLM5728FjqD0WHOExwLYYC+EX/lTx1eL7YBB1dUzuUFoDB/ KW5rP+wWs3NJisBJ7q+mwu0BmKIvi80gAyYU1CH6aBGXShbGX4N8manrSkpYcZpbDs0nNoLR 7k4NjeBsQiM1VrG6gjhwlYYgnNj1EdwP+hpapF6ePL6XOwGNWwJ70ulVXaS2liPgGjxb7TSE qRHAUw0/pNtT2qPPn/2MX8LpDDxEMf11XU98oOBXLIm5Q0Zx6q+KhbzXNQbk/e2q294QrzZI Mc0FCcLS3i3hRSlAZfsDH6WEa5V5uaaR35DsePUDp5LKUoOcbsuzIfveHOluYX/WhP+KATCY wKr9US8fNKOLWvPZNObFI4vUrt3i8diJwdVaYAyqte6kf4qFADn0+4q+SCYArGx7ZqTOjsuF hNEBHjiu4kjgYSJzy4FFN0DPoHPI/xmYC6yAHZ934ARzGwpHbnF4FuwaG2jpU7bBiCyvKmPH VhYHOcRx/jJlDvTVi1XoNaCfSves5s4LsR4fJssrenmEsKFFEN7mgqh2rNOyh3OoY9o4tq/g /Ye3YCYt49cDPwic8oF6IQRlzYEjxlggsDnrJmbdbYIl1HVj8DoU1MBj++PqnZH9
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 13 May 2018 09:34:25 -0400
In-reply-to: <5e7d99ef-9514-cee4-985f-7f1d4a21dfec@riseup.net>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Openpgp: preference=signencrypt
References: <5e7d99ef-9514-cee4-985f-7f1d4a21dfec@riseup.net>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent:


Am 11.05.2018 um 00:16 schrieb nusenu:
> Dear Exit Relay Operators,
> 
> I'd like to invite you to check your exit's DNS resolver by 
> having a look at the following list of exits using resolvers
> outside their AS (especially if it is Google, OpenDNS, Quad9 or Cloudflare).
> 
> You can search the list for you contactinfo, relay nickname or relay fingerprint (first 8 characters):
> 
> https://gist.github.com/nusenu/cb766ff7945fafd9f90ee7f211a2508f#file-tor-dns-april-2018-txt
> 
> 
> I extended the "DNS on Exit Relays" section in the Tor Relay Guide
> to include specific instructions what is recommended for Tor exit operators with 
> regards to DNS on exit relays.
> 
> https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays
> 
> If you found yourself on the list above and changed your DNS to a local (same host or same AS)
> resolver or found a false-positive, please drop me an email (off-list is also ok).
> 
> 
> The goal is to be bellow the following thresholds within one year:
> - not have any single remoteAS entity control more than 10% exit capacity
> - reduce the overall remoteAS share to bellow 20% exit capacity
> 
> the longer version of this can be found at:
> https://medium.com/@nusenu/who-controls-tors-dns-traffic-a74a7632e8ca
> 
> thanks for helping with DNS decentralization on the tor network,
> nusenu

Thank you for giving another helpful push on that nusenu !!

I changed my Linux exits. 
Unfortunately the /etc/resolv.conf gets overwritten on reboot. On Linux I solved that with editing /etc/resolvconf/resolv.conf.d/base. In that file, i put in the info as i would in resolv.conf.

nameserver 127.0.0.1

Then i told resolvconf to regenerate resolv.conf

sudo resolvconf -u



How do i protect against overwriting best in FreeBSD (maybe there could be a hint on https://trac.torproject.org/projects/tor/wiki/TorRelayGuide#DNSonExitRelays ) as well?

Where can I find an Update of https://gist.github.com/nusenu/cb766ff7945fafd9f90ee7f211a2508f#file-tor-dns-april-2018-txt ?

How can one find out which DNS resolver an exit uses?

Thanks
Paul 
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: grarpamp
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: Ian Zimmerman
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: nusenu
- Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: Ralph Seichter

References:
- [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
  - From: nusenu

Prev by Author: [tor-relays] Info about Provider Scaleway and cheap "ARM server"
Next by Author: Re: [tor-relays] VPNGate Project Exit Node Volunteers / I2P
Previous by thread: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
Next by thread: Re: [tor-relays] lets stop using central big DNS resolvers (Google, Level3, OpenDNS, Quad9, Cloudflare)
Index(es):
- Author
- Thread